Cisco Releases Critical Patch to Thwart Active Exploits Targeting High-Severity Flaws

Hackers Target Vulnerable Endpoints, Urgent Action Required to Secure Networks

News recently emerged of malicious actors exploiting a critical vulnerability in specific Cisco devices, enabling them to gain full administrative control over entire networks. This vulnerability was discovered in the Web User Interface of Cisco IOS XE software that is connected to the public internet. As a result, any Cisco endpoint, including routers and switches, running this software with enabled HTTP and HTTPS Server features and connected to the internet, was susceptible to complete device takeover.

At the time, it was estimated that around 80,000 endpoints were impacted by this flaw, which is officially tracked as CVE-2023-20198, and carries a severity rating of 10, signifying its critical nature. The second vulnerability, tracked as CVE-2023-20273, holds a severity score of 7.2.